osm_ee/frontend_server.py +2 −1 @@ -33,6 +33,7 @@ from osm_ee.frontend_pb2 import SshKeyRequest, SshKeyReply from osm_ee.base_ee import BaseEE import osm_ee.util.util_ee as util_ee import osm_ee.util.util_grpc as util_grpc class FrontendExecutor(FrontendExecutorBase): @@ -75,7 +76,7 @@ async def main(*, host: str = '0.0.0.0', port: int = 50051) -> None: # Start server server = Server([FrontendExecutor()]) with graceful_exit([server]): await server.start(host, port) await server.start(host, port, ssl=util_grpc.create_secure_context()) logging.getLogger('osm_ee.frontend_server').debug(f'Serving on {host}:{port}') await server.wait_closed() osm_ee/util/util_grpc.py 0 → 100644 +26 −0 import logging import ssl logger = logging.getLogger("osm_ee.util_grpc") SERVER_CERT = "/etc/ssl/grpc-tls/tls.crt" SERVER_KEY = "/etc/ssl/grpc-tls/tls.key" def create_secure_context() -> ssl.SSLContext: ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) # ctx.verify_mode = ssl.CERT_REQUIRED try: ctx.load_cert_chain(str(SERVER_CERT), str(SERVER_KEY)) except FileNotFoundError: logger.warning("TLS Certificate not found, starting gRPC server in unsecure mode") return None # TODO: client TLS # ctx.load_verify_locations(str(trusted)) ctx.set_ciphers('ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20') ctx.set_alpn_protocols(['h2']) try: ctx.set_npn_protocols(['h2']) except NotImplementedError: pass return ctx No newline at end of file
osm_ee/frontend_server.py +2 −1 @@ -33,6 +33,7 @@ from osm_ee.frontend_pb2 import SshKeyRequest, SshKeyReply from osm_ee.base_ee import BaseEE import osm_ee.util.util_ee as util_ee import osm_ee.util.util_grpc as util_grpc class FrontendExecutor(FrontendExecutorBase): @@ -75,7 +76,7 @@ async def main(*, host: str = '0.0.0.0', port: int = 50051) -> None: # Start server server = Server([FrontendExecutor()]) with graceful_exit([server]): await server.start(host, port) await server.start(host, port, ssl=util_grpc.create_secure_context()) logging.getLogger('osm_ee.frontend_server').debug(f'Serving on {host}:{port}') await server.wait_closed()
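Review bot: The `ssl=` argument added to `server.start` in `main` can be `None`, because `create_secure_context()` in osm_ee/util/util_grpc.py (added by this commit) returns `None` when the certificate file is missing. In that case the server presumably listens in cleartext on the default `0.0.0.0`, and the debug line reads exactly as it does in the TLS case. I would bind the context to a local and record the mode where the listener is opened: `tls_ctx = util_grpc.create_secure_context()`, `await server.start(host, port, ssl=tls_ctx)`, and `f'Serving on {host}:{port} tls={tls_ctx is not None}'` in the log call. The body of `main` starts outside the hunk.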
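--- /dev/null
+++ b/osm_ee/util/util_grpc.py
@@ -0,0 +1,26 @@
+import logging
+import ssl
+
+logger = logging.getLogger("osm_ee.util_grpc")
+
+SERVER_CERT = "/etc/ssl/grpc-tls/tls.crt"
+SERVER_KEY = "/etc/ssl/grpc-tls/tls.key"
+
+
+def create_secure_context() -> ssl.SSLContext:
+    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+    # ctx.verify_mode = ssl.CERT_REQUIRED
+    try:
+        ctx.load_cert_chain(str(SERVER_CERT), str(SERVER_KEY))
+    except FileNotFoundError:
+        logger.warning("TLS Certificate not found, starting gRPC server in unsecure mode")
+        return None
+    # TODO: client TLS
+    # ctx.load_verify_locations(str(trusted))
+    ctx.set_ciphers('ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20')
+    ctx.set_alpn_protocols(['h2'])
+    try:
+        ctx.set_npn_protocols(['h2'])
+    except NotImplementedError:
+        pass
+    return ctx
\ No newline at end of file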
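Review bot: The `except FileNotFoundError` branch in `create_secure_context` makes TLS fail open: a missing `/etc/ssl/grpc-tls/tls.crt` or key yields `None` and a warning, so a mis-mounted secret downgrades the gRPC endpoint to plaintext instead of stopping it. I would re-raise there (other load failures, such as a permission error or a malformed PEM, already propagate) and allow the plaintext path only behind an explicit deployment setting; if the fallback stays, the annotation should be `-> Optional[ssl.SSLContext]`. With `verify_mode` and `load_verify_locations` still commented out, the context authenticates only the server, so callers are not authenticated by TLS unless the service does that some other way; the `# TODO: client TLS` comment should say so. `set_npn_protocols` is deprecated since Python 3.10 and ALPN is already set on the line above it, so the inner `try` can be dropped.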